Penetration Testing mailing list archives
RE: Application Security
From: "Rivest, Philippe" <PRivest () transforce ca>
Date: Mon, 7 Jul 2008 13:46:52 -0400
I don't know exactly what kind of application you may want to use. So here's my own tool box list :)
(Note: you should consider this a draft.)

Have fun

Tools for Footprinting
1. Nmap (Linux) http://nmap.org/download.html
2. THC Amap (Linux) http://www.thc.org/thc-amap/
3. OpenSSH
   1. SSH (Linux) (built-in)
   2. Putty (Windows) http://www.openssh.org/windows.html
4. Netstumbler http://www.netstumbler.com/
5. Sysinternal (pstools suite) http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
6. P0f (Linux) http://lcamtuf.coredump.cx/p0f.shtml
7. Firewalk (Linux) http://www.packetfactory.net/projects/firewalk/
8. ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
9. whois http://technet.microsoft.com/en-us/sysinternals/bb897435.aspx
10. psloglist http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx
11. Tor http://www.torproject.org/
12. Web-harvest (http://web-harvest.sourceforge.net/)
13. Sam Spade http://64.233.167.104/search?q=cache:UXhTem4ujdUJ:www.softpedia.com/get/Network-Tools/Network-Tools-Suites/Sam-Spade.shtml+sam+spade&hl=fr&ct=clnk&cd=19&gl=ca
14. Maltego

Vulnerability
1. Nessus (Linux) http://www.nessus.org/nessus/
2. Nikto (Linux) http://www.cirt.net/nikto2
3. Paros proxy (Linux) http://www.parosproxy.org/index.shtml
4. ike-scan (Linux) http://www.nta-monitor.com/tools/ike-scan/
5. SARA (Security Auditor's Research Assistant) (Linux) http://www-arc.com/sara/
6. MBSA (not too sure I should use this) http://technet.microsoft.com/en-us/security/cc184923.aspx

Exploit
1. Metasploit (Linux) http://www.metasploit.com/
2. Netcat (Linux) http://netcat.sourceforge.net/
3. Cain and abel http://www.oxid.it/cain.html
4. Sysinternal (pstools suite) http://technet.microsoft.com/en-us/sysinternals/bb896649.aspx
5. Perl, python
6. Bloodshed c++ http://www.bloodshed.net/devcpp.html

Sniffing
1. Wireshark http://www.wireshark.org/
2. Cain and abel http://www.oxid.it/cain.html
3. Airsnort (Linux) http://airsnort.shmoo.com/
4. aircrack (Linux)

Cracker
1. John the ripper (Linux) http://www.openwall.com/john/
2. THC Hydra (Linux) http://www.thc.org/thc-hydra/
3. LC4 (l0phtcrack)
4. pwdump (the new version fgdump and pwdump7)
5. Tcpdump (Linux) http://www.tcpdump.org/

Other
1. Cam studio (for evidence)

Thanks

Philippe Rivest, CEH
Internal information security auditor
Email: Privest () transforce ca
Telephone: (514) 331-4417
www.transforce.ca

You could print this email, but it does take a long time to grow trees.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On behalf of GT GERONIMO, Frederick Joseph B.
Sent: July 7, 2008 05:12
To: pen-test () securityfocus com
Subject: Application Security

Hello,

I have been reading up on Application Security and Software Security Testing. I am interested in tools you use in detecting any security bugs in business applications, may it be a web application, a C+ GUI, or what have you.

Any opinion would be greatly appreciated.

Thanks
Fred

This e-mail message (including attachments, if any) is intended for the use of the individual or the entity to whom it is addressed and may contain information that is privileged, proprietary, confidential and exempt from disclosure. If you are not the intended recipient, you are notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender and delete this E-mail message immediately.